Basic Miniscript support in output descriptors

[sipa]

This pull request introduces support for miniscript in Bitcoin Core.

The bulk of the code is in the 3 commits that add the miniscript module, including conversion from/to CScript, converting to and parsing from its engineer-readable string notation, property analysis and ops limit/stack size limit that are necessary to assess the security of arbitrary scripts.

A number of tests are included, including tests against known scripts, and against randomly generated scripts.

The final commit integrates the miniscript module into descriptors. This is only rudimentary, as it is not yet integrated in the signing code. I'm including it here to give something accessible to play with, but if desirable I can move that to a later PR as well.

[DrahtBot]

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

Reviewers, this pull request conflicts with the following ones:

• #17056 (descriptors: Introduce sortedmulti descriptor by achow101)
• #16889 (Add some general std::vector utility functions by sipa)
• #16887 (Abstract out some of the descriptor Span-parsing helpers by sipa)
• #16807 (Let validateaddress locate error in Bech32 address by meshcollider)
• #16710 (build: Enable -Wsuggest-override if available by hebasto)
• #16440 (BIP-322: Generic signed message format by kallewoof)
• #15590 (Descriptor: add GetAddressType() and IsSegWit() by Sjors)
• #13751 (Utils and libraries: Drops the boost/algorithm/string/split.hpp dependency by l2a5b1)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

[practicalswift]

Concept ACK

Thanks for the great work on miniscript and the C++ implementation!

This version seems to deviate somewhat to the version in the upstream repo which makes it unclear to me which of the issues I found during my review that have been addressed:

• Avoid termination due to unhandled exception when parsing invalid arguments to after(...), older(...), thresh(...) and thresh_m(...)
• Avoid assertion failure on after(k) or older(k) where k < 1 or k >= 0x80000000UL
• Avoid running out of stack space by limiting recursion depth in Parse(...)
• Policies with too high nesting depth are not rejected: It is possible to create small inputs that cause extreme memory usage (in practice: OOM kill or std::bad_alloc)

Could you clarify? :-)

[sipa]

@practicalswift Thanks for reminding me, I had forgotten about those (and wasn't really looking at the miniscript repo while working on this PR). Specifically:

• The overflow/underflow issue and the OOM issue don't apply here, as they're in the compiler code which I'm not PR'ing here.
• The unhandled exception I've fixed independently because stoul and friends are locale dependent (both here and upstream).
• The stack depth we need to fix still, I've commented on the issue.

Also, this PR should be perfectly in sync with the upstream repo, so if you want to PR fixes, they can go there preferably, and I'll incorporate them here.

[practicalswift]

@sipa Would you mind cherry-picking in the miniscript::FromScript(...) fuzzer from #17129 in to this PR? That would allow for closing #17129 which is entirely dependent on the merge of this one anyway :)

[practicalswift]

@fanquake Could you add "Waiting for author"? :)

[MarcoFalke]

"Needs rebase" implies "Waiting for author"

[achow101]

I've noticed that there are some Miniscript functions that may conflict in naming or functionality with existing output descriptors that may cause issues.

• multi() and thresh_m() are functionally the same. So the easy thing to do would be to just make multi() an alias for thresh_m()
• sortedmulti() currently has no Miniscript counterpart. But I think that is easily solved by having a sorted_thresh_m() which is semantically the same.
• pkh() and pk_h() are very similar, both in naming and function. pkh() is the same as c:pk_h() so I think we can just call pkh() an alias for c:pk_h(). Since pkh() and pk_h() are named differently, the only other issue is that they may confuse people.
• pk() in descriptors directly conflicts with pk() in Miniscript. pk() in descriptors is c:pk() in Miniscript. Because they are named exactly the same but have (slightly) different meanings, this can cause some issues.
  • One solution is to change the meaning of pk() depending on its location. If found at the top level or as the direct child of a sh() or wsh(), it would mean the current meaning today (to preserve compatibility). If found elsewhere, it would have the Miniscript meaning. But this solution is confusing as pk() has multiple meanings and it could be easy to mess up.
  • Alternatively we could deprecate and remove the usage of pk() and replace it with c:pk(). We could add c:pk() now (for 0.20) and have it mean the same thing as pk() now. Then once Miniscript is merged, remove pk()'s descriptor definition and just use the Miniscript definition. We could add warnings in some places as well to let people know that their usage of pk() is deprecated. The good thing about this is that pk() probably isn't currently being used so this probably won't effect a lot of people.

We will still need to preserve the current naming of functions as people may already be using them and changing these would break compatibility. At least most of these are straightforward aliases.

[Sjors]

Concept ACK, after many hours of @apoelstra explaining Miniscript and its relation to Output Descriptors :-)

I like @achow101's suggestion:

• Alternatively we could deprecate and remove the usage of pk() and replace it with c:pk(). We could add c:pk() now (for 0.20) and have it mean the same thing as pk() now.

Would be great to get a rebase of this before 0.20 splits off, so we can deprecate other Output Descriptor stuff early on, if needed.

[sipa]

After a number of discussions, I think this highlights the possibility to decrease the gap between Miniscript and non-Miniscript descriptors.

My suggestion is making the following changes to Miniscript:

• Rename thresh_m to multi.
• Rename pk to pk_k.
• Add an alias pk(A)=c:pk_k(A) (just like and_n(A,B)=andor(A,B,0) for example).
• Add an alias pkh(A)=c:pk_h(A).

That means that for users, there doesn't need to be a distinction between Miniscript or not, as pk(A) and wsh(pk(A)) would look uniform. Meanwhile, implementations could choose what to deal with at what layer (e.g. top-level pkh could be dealt with as a special case, or through a sufficiently generic Miniscript library).

I prefer this approach as at this stage I'm more comfortable with making some small changes to Miniscript, than to change descriptors in general.

[practicalswift]

@sipa I would like to continue my robustness testing of this PR. Could you please rebase on master and perhaps also pull in my fix for the heap out-of-bounds read present in the current version of this PR: "Avoid heap out-of-bounds read in Node::CalcOps (test case: OP_0 OP_2 OP_EQUAL) and assertion failure in ComputeType (test case: OP_0 OP_0 OP_EQUAL)"? :)

[darosior]

Concept ACK

[michaelfolkson]

Scratching the surface on what would be needed to revitalize this PR. Obviously there is a mega rebase to do as it has been sitting here for a while but there have also been some changes since to the C++ implementation of Miniscript. Presumably it would make sense to work on the Core rebase first and then the Miniscript updates?

edit:

This version seems to deviate somewhat to the version in the upstream repo which makes it unclear to me which of the issues I found during my review that have been addressed:

Plus this. Not just Miniscript updates since this PR was opened but deviations before the updates.

[meshcollider]

(Just for the information of those wondering what's happening here, there are currently a few things being finished up in the miniscript repository before this PR is rebased, but it is a current WIP so expect something soon-ish!)

[DrahtBot]

There hasn't been much activity lately and the patch still needs rebase. What is the status here?

• Is it still relevant? ➡️ Please solve the conflicts to make it ready for review and to ensure the CI passes.
• Is it no longer relevant? ➡️ Please close.
• Did the author lose interest or time to work on this? ➡️ Please close it and mark it 'Up for grabs' with the label, so that it can be picked up in the future.

[Sjors]

It would be nice to have an up to date version here to compare with ElementsProject/libwally-core#310

[darosior]

The most up-to-date WIP is available here darosior#2 but for the purpose of reviewing other implementations i'd recommend checking against the C++ implem at sipa/miniscript or the Rust one at rust-bitcoin/rust-miniscript. -------- Original Message --------

…

On Dec 28, 2021, 14:49, Sjors Provoost wrote: It would be nice to have an up to date version here to compare with [ElementsProject/libwally-core#310](ElementsProject/libwally-core#310) — Reply to this email directly, [view it on GitHub](#16800 (comment)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/AFLK3FZZZEXPSKKZNKVZ4DTUTG6APANCNFSM4ITMYUUQ). Triage notifications on the go with GitHub Mobile for [iOS](https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675) or [Android](https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub). You are receiving this because you commented.Message ID: ***@***.***>

[fanquake]

@sipa did you want to close this now that #24147 is open?

[sipa]

Superseded by #24147.